API Integration Testing
Test ABP Framework APIs end-to-end using xUnit and WebApplicationFactory.
When to Use
-
Testing API endpoints with real HTTP requests
-
Verifying authorization and authentication
-
Testing request/response serialization
-
End-to-end flow validation
-
Database integration testing
Test Project Setup
Project Structure
test/ ├── [Module].HttpApi.Tests/ │ ├── [Module]HttpApiTestBase.cs │ ├── [Module]HttpApiTestModule.cs │ ├── Controllers/ │ │ ├── PatientControllerTests.cs │ │ └── DoctorControllerTests.cs │ └── TestData/ │ └── TestDataSeeder.cs
Test Base Class
public abstract class ClinicHttpApiTestBase : AbpIntegratedTest<ClinicHttpApiTestModule> { protected HttpClient Client { get; } protected IServiceProvider Services => ServiceProvider;
protected ClinicHttpApiTestBase()
{
Client = GetHttpClient();
}
protected HttpClient GetHttpClient()
{
var factory = new WebApplicationFactory<Program>()
.WithWebHostBuilder(builder =>
{
builder.ConfigureServices(services =>
{
// Replace database with in-memory
services.RemoveAll<DbContextOptions<ClinicDbContext>>();
services.AddDbContext<ClinicDbContext>(options =>
options.UseInMemoryDatabase("TestDb"));
});
});
return factory.CreateClient();
}
protected async Task AuthenticateAsAsync(string username, string[] permissions = null)
{
// Set authentication headers
var token = GenerateTestToken(username, permissions);
Client.DefaultRequestHeaders.Authorization =
new AuthenticationHeaderValue("Bearer", token);
}
protected async Task<T> GetAsync<T>(string url)
{
var response = await Client.GetAsync(url);
response.EnsureSuccessStatusCode();
return await response.Content.ReadFromJsonAsync<T>();
}
protected async Task<HttpResponseMessage> PostAsync<T>(string url, T content)
{
return await Client.PostAsJsonAsync(url, content);
}
}
Test Module Configuration
[DependsOn( typeof(ClinicHttpApiModule), typeof(AbpAspNetCoreTestBaseModule) )] public class ClinicHttpApiTestModule : AbpModule { public override void ConfigureServices(ServiceConfigurationContext context) { // Configure test-specific services context.Services.AddSingleton<ICurrentUser, TestCurrentUser>(); } }
Common Test Patterns
CRUD Endpoint Tests
public class PatientControllerTests : ClinicHttpApiTestBase { private const string BaseUrl = "/api/app/patients";
#region GetList
[Fact]
public async Task GetList_ReturnsPagedResult()
{
// Act
var response = await Client.GetAsync(BaseUrl);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var result = await response.Content
.ReadFromJsonAsync<PagedResultDto<PatientDto>>();
result.ShouldNotBeNull();
result.Items.ShouldNotBeNull();
}
[Fact]
public async Task GetList_WithFilter_ReturnsFilteredResults()
{
// Act
var response = await Client.GetAsync($"{BaseUrl}?filter=John");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var result = await response.Content
.ReadFromJsonAsync<PagedResultDto<PatientDto>>();
result.Items.ShouldAllBe(p => p.Name.Contains("John"));
}
[Fact]
public async Task GetList_WithPagination_RespectsLimits()
{
// Act
var response = await Client.GetAsync($"{BaseUrl}?skipCount=0&maxResultCount=5");
// Assert
var result = await response.Content
.ReadFromJsonAsync<PagedResultDto<PatientDto>>();
result.Items.Count.ShouldBeLessThanOrEqualTo(5);
}
#endregion
#region Get
[Fact]
public async Task Get_ExistingId_ReturnsPatient()
{
// Arrange
var patientId = TestData.PatientId;
// Act
var response = await Client.GetAsync($"{BaseUrl}/{patientId}");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var patient = await response.Content.ReadFromJsonAsync<PatientDto>();
patient.Id.ShouldBe(patientId);
}
[Fact]
public async Task Get_NonExistingId_Returns404()
{
// Act
var response = await Client.GetAsync($"{BaseUrl}/{Guid.NewGuid()}");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
#endregion
#region Create
[Fact]
public async Task Create_ValidInput_Returns201WithEntity()
{
// Arrange
var input = new CreatePatientDto
{
Name = "Jane Doe",
Email = "jane@example.com",
DateOfBirth = new DateTime(1990, 1, 1)
};
// Act
var response = await Client.PostAsJsonAsync(BaseUrl, input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.Created);
var created = await response.Content.ReadFromJsonAsync<PatientDto>();
created.Name.ShouldBe(input.Name);
created.Id.ShouldNotBe(Guid.Empty);
// Verify Location header
response.Headers.Location.ShouldNotBeNull();
}
[Fact]
public async Task Create_MissingRequiredField_Returns400()
{
// Arrange
var input = new CreatePatientDto
{
// Name is missing (required)
Email = "jane@example.com"
};
// Act
var response = await Client.PostAsJsonAsync(BaseUrl, input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = await response.Content.ReadFromJsonAsync<RemoteServiceErrorResponse>();
error.Error.ValidationErrors
.ShouldContain(e => e.Members.Contains("Name"));
}
[Fact]
public async Task Create_DuplicateEmail_Returns409()
{
// Arrange
var input = new CreatePatientDto
{
Name = "Another Patient",
Email = TestData.ExistingEmail // Already exists
};
// Act
var response = await Client.PostAsJsonAsync(BaseUrl, input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.Conflict);
}
#endregion
#region Update
[Fact]
public async Task Update_ValidInput_Returns200()
{
// Arrange
var patientId = TestData.PatientId;
var input = new UpdatePatientDto
{
Name = "Updated Name",
Email = "updated@example.com"
};
// Act
var response = await Client.PutAsJsonAsync($"{BaseUrl}/{patientId}", input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.OK);
var updated = await response.Content.ReadFromJsonAsync<PatientDto>();
updated.Name.ShouldBe(input.Name);
}
[Fact]
public async Task Update_NonExisting_Returns404()
{
// Arrange
var input = new UpdatePatientDto { Name = "Test" };
// Act
var response = await Client.PutAsJsonAsync($"{BaseUrl}/{Guid.NewGuid()}", input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
#endregion
#region Delete
[Fact]
public async Task Delete_ExistingId_Returns204()
{
// Arrange
var patientId = TestData.DeletablePatientId;
// Act
var response = await Client.DeleteAsync($"{BaseUrl}/{patientId}");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.NoContent);
// Verify deleted (soft delete returns 404)
var getResponse = await Client.GetAsync($"{BaseUrl}/{patientId}");
getResponse.StatusCode.ShouldBe(HttpStatusCode.NotFound);
}
#endregion
}
Authorization Tests
public class PatientAuthorizationTests : ClinicHttpApiTestBase { [Fact] public async Task Create_WithoutPermission_Returns403() { // Arrange await AuthenticateAsAsync("user-without-create-permission"); var input = new CreatePatientDto { Name = "Test" };
// Act
var response = await Client.PostAsJsonAsync("/api/app/patients", input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.Forbidden);
}
[Fact]
public async Task Create_WithPermission_Returns201()
{
// Arrange
await AuthenticateAsAsync("admin", new[] { "Clinic.Patients.Create" });
var input = new CreatePatientDto
{
Name = "Test",
Email = "unique@test.com"
};
// Act
var response = await Client.PostAsJsonAsync("/api/app/patients", input);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.Created);
}
[Fact]
public async Task GetList_Unauthenticated_Returns401()
{
// Arrange - clear any auth headers
Client.DefaultRequestHeaders.Authorization = null;
// Act
var response = await Client.GetAsync("/api/app/patients");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.Unauthorized);
}
[Theory]
[InlineData("Clinic.Patients.Read", HttpStatusCode.OK)]
[InlineData("Clinic.Doctors.Read", HttpStatusCode.Forbidden)]
public async Task GetList_PermissionVariants_ReturnsExpectedStatus(
string permission,
HttpStatusCode expected)
{
// Arrange
await AuthenticateAsAsync("user", new[] { permission });
// Act
var response = await Client.GetAsync("/api/app/patients");
// Assert
response.StatusCode.ShouldBe(expected);
}
}
Response Format Tests
public class ApiResponseTests : ClinicHttpApiTestBase { [Fact] public async Task ValidationError_HasCorrectFormat() { // Arrange var input = new CreatePatientDto(); // All required fields missing
// Act
var response = await Client.PostAsJsonAsync("/api/app/patients", input);
var content = await response.Content.ReadAsStringAsync();
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
var error = JsonSerializer.Deserialize<RemoteServiceErrorResponse>(content);
error.Error.ShouldNotBeNull();
error.Error.Code.ShouldBe("Volo.Abp.Validation:ValidationError");
error.Error.ValidationErrors.ShouldNotBeEmpty();
}
[Fact]
public async Task NotFound_HasCorrectFormat()
{
// Act
var response = await Client.GetAsync($"/api/app/patients/{Guid.NewGuid()}");
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.NotFound);
var error = await response.Content
.ReadFromJsonAsync<RemoteServiceErrorResponse>();
error.Error.Code.ShouldContain("EntityNotFound");
}
[Fact]
public async Task PagedResult_HasCorrectStructure()
{
// Act
var response = await Client.GetAsync("/api/app/patients");
var content = await response.Content.ReadAsStringAsync();
// Assert
using var doc = JsonDocument.Parse(content);
doc.RootElement.TryGetProperty("totalCount", out _).ShouldBeTrue();
doc.RootElement.TryGetProperty("items", out var items).ShouldBeTrue();
items.ValueKind.ShouldBe(JsonValueKind.Array);
}
}
File Upload Tests
public class FileUploadTests : ClinicHttpApiTestBase { [Fact] public async Task UploadProfileImage_ValidFile_Returns200() { // Arrange var patientId = TestData.PatientId; var content = new MultipartFormDataContent(); var fileContent = new ByteArrayContent(TestData.SampleImageBytes); fileContent.Headers.ContentType = new MediaTypeHeaderValue("image/jpeg"); content.Add(fileContent, "file", "profile.jpg");
// Act
var response = await Client.PostAsync(
$"/api/app/patients/{patientId}/profile-image",
content);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.OK);
}
[Fact]
public async Task UploadProfileImage_OversizedFile_Returns400()
{
// Arrange
var patientId = TestData.PatientId;
var content = new MultipartFormDataContent();
var largeFile = new byte[10 * 1024 * 1024]; // 10MB
content.Add(new ByteArrayContent(largeFile), "file", "large.jpg");
// Act
var response = await Client.PostAsync(
$"/api/app/patients/{patientId}/profile-image",
content);
// Assert
response.StatusCode.ShouldBe(HttpStatusCode.BadRequest);
}
}
Test Data Management
public static class TestData { public static readonly Guid PatientId = Guid.Parse("..."); public static readonly Guid DeletablePatientId = Guid.Parse("..."); public static readonly string ExistingEmail = "existing@example.com";
public static readonly byte[] SampleImageBytes = Convert.FromBase64String("...");
}
public class TestDataSeeder : IDataSeedContributor { public async Task SeedAsync(DataSeedContext context) { var patientRepository = context.ServiceProvider .GetRequiredService<IPatientRepository>();
await patientRepository.InsertAsync(new Patient(
TestData.PatientId,
"Test Patient",
TestData.ExistingEmail,
new DateTime(1990, 1, 1)
));
await patientRepository.InsertAsync(new Patient(
TestData.DeletablePatientId,
"Deletable Patient",
"deletable@example.com",
new DateTime(1990, 1, 1)
));
}
}
Quick Reference
Test Type HTTP Code Pattern
Success (GET) 200 response.StatusCode.ShouldBe(HttpStatusCode.OK)
Created 201 Verify Location header + body
No Content 204 For successful DELETE
Bad Request 400 Check ValidationErrors
Unauthorized 401 Missing/invalid token
Forbidden 403 Missing permission
Not Found 404 Invalid ID
Conflict 409 Duplicate/business rule violation
Related Skills
-
xunit-testing-patterns
-
Base testing patterns
-
test-data-generation
-
Test data setup
-
abp-framework-patterns
-
ABP application patterns